-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py2
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py46
-rw-r--r--moonclient/moonclient/action_categories.py22
-rw-r--r--moonclient/moonclient/object_categories.py22
-rw-r--r--moonclient/moonclient/subject_categories.py22
-rw-r--r--moonclient/moonclient/tests/tests_action_categories.json236
-rw-r--r--moonclient/moonclient/tests/tests_object_categories.json236
-rw-r--r--moonclient/moonclient/tests/tests_subject_categories.json236
8 files changed, 765 insertions, 57 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index 239650f5..0be0d7e5 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -126,7 +126,7 @@ class IntraExtensions(controller.V3Controller):
def _get_user_id_from_token(self, token_id):
response = self.token_provider_api.validate_token(token_id)
token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
- return token_ref.get('user')
+ return token_ref.get('user')['id']
# IntraExtension functions
@controller.protected()
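Review bot: `token_ref.get('user')['id']` in `_get_user_id_from_token` subscripts the result of `.get()`, which is None when the token data has no `user` entry, so a malformed token raises a bare TypeError instead of an authentication error. Since this id is what the authorization layer goes on to compare, a direct lookup that fails loudly is safer: `return token_ref['user']['id']`, or upstream Keystone's `KeystoneToken.user_id` property if the version in this tree provides it. A one-line docstring stating that the function now returns the Keystone user id string rather than the user dict would help callers that still expect the old shape.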
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index dc431a49..a92f026a 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -142,7 +142,6 @@ def enforce(action_names, object_name, **extra):
def wrap(func):
def wrapped(*args, **kwargs):
- # global ADMIN_ID, ROOT_EXTENSION_ID
returned_value_for_func = None
self = args[0]
try:
@@ -152,29 +151,7 @@ def enforce(action_names, object_name, **extra):
intra_extension_id = None
intra_admin_extension_id = None
- # try:
intra_root_extension_id = self.root_api.get_root_extension_id()
- # except RootExtensionNotInitialized:
- # # Root extension is not initialized, the current requested function must be the creation
- # # of this root extension
- # returned_value_for_func = func(*args, **kwargs)
- # # after the creation, we must update ROOT_EXTENSION_ID and ADMIN_ID
- # intra_extensions_dict = self.admin_api.driver.get_intra_extensions_dict()
- # for ext in intra_extensions_dict:
- # if intra_extensions_dict[ext]["model"] == ROOT_EXTENSION_MODEL:
- # ROOT_EXTENSION_ID = ext
- # break
- # if not ROOT_EXTENSION_ID:
- # raise RootExtensionUnknown()
- # subjects_dict = self.admin_api.driver.get_subjects_dict(returned_value_for_func['id'])
- # for subject_id in subjects_dict:
- # if subjects_dict[subject_id]["name"] == "admin":
- # ADMIN_ID = subject_id
- # break
- # if not ADMIN_ID:
- # raise RootExtensionUnknown()
- # # if all is OK, return values from func (creation of the root extension)
- # return returned_value_for_func
try:
intra_extension_id = args[2]
except IndexError:
@@ -183,7 +160,7 @@ def enforce(action_names, object_name, **extra):
else:
intra_extension_id = intra_root_extension_id
- if user_id == self.root_api.get_root_admin_id():
+ if self.root_api.is_admin_subject(user_id):
# TODO: check if there is no security hole here
returned_value_for_func = func(*args, **kwargs)
else:
@@ -238,7 +215,14 @@ def enforce(action_names, object_name, **extra):
try:
subject_name = subjects_dict[user_id]["name"]
except KeyError:
- raise SubjectUnknown()
+ subject_name = None
+ # Try if user_id is a Keystone ID
+ try:
+ for _subject_id in subjects_dict:
+ if subjects_dict[_subject_id]["keystone_id"] == user_id:
+ subject_name = subjects_dict[_subject_id]["name"]
+ except KeyError:
+ raise SubjectUnknown()
intra_admin_extension_id = intra_root_extension_id
subjects_dict = self.admin_api.driver.get_subjects_dict(intra_admin_extension_id)
user_id = None
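Review bot: When no subject carries a matching `keystone_id`, the new fallback leaves `subject_name` as None and raises nothing, because `SubjectUnknown` is now raised only if a subject dict lacks the `keystone_id` key. The removed code rejected an unknown `user_id` at this point; to keep that behaviour, add `if subject_name is None: raise SubjectUnknown()` after the loop and `break` on the first match. The rest of `wrapped` lies outside the hunk, so how a None name is treated further down cannot be confirmed from here.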
@@ -2073,9 +2057,7 @@ class IntraExtensionRootManager(IntraExtensionManager):
def __init__(self):
super(IntraExtensionRootManager, self).__init__()
extensions = self.admin_api.driver.get_intra_extensions_dict()
- LOG.debug("extensions {}".format(extensions))
for extension_id, extension_dict in extensions.iteritems():
- LOG.debug("{} / {}".format(extension_dict["name"], CONF.moon.root_policy_directory))
if extension_dict["name"] == CONF.moon.root_policy_directory:
self.root_extension_id = extension_id
break
@@ -2094,9 +2076,7 @@ class IntraExtensionRootManager(IntraExtensionManager):
return {self.root_extension_id: self.admin_api.driver.get_intra_extensions_dict()[self.root_extension_id]}
def __compute_admin_id_for_root_extension(self):
- LOG.debug(self.admin_api.driver.get_subjects_dict(self.root_extension_id))
for subject_id, subject_dict in self.admin_api.driver.get_subjects_dict(self.root_extension_id).iteritems():
- LOG.debug("subject_name = {}".format(subject_dict["name"]))
if subject_dict["name"] == "admin":
return subject_id
raise RootExtensionNotInitialized()
@@ -2107,6 +2087,14 @@ class IntraExtensionRootManager(IntraExtensionManager):
def get_root_admin_id(self):
return self.root_admin_id
+ def is_admin_subject(self, keystone_id):
+ for subject_id, subject_dict in self.admin_api.driver.get_subjects_dict(self.root_extension_id).iteritems():
+ if subject_id == keystone_id:
+ # subject_id may be a true id from an intra_extension
+ return True
+ if subject_dict["name"] == "admin" and subject_dict["keystone_id"] == keystone_id:
+ return True
+ return False
@dependency.provider('moonlog_api')
# Next line is mandatory in order to force keystone to process dependencies.
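Review bot: The first branch of `is_admin_subject` returns True for any key of the root extension's subjects dict, not only the admin one, so the bypass in `enforce` (`if self.root_api.is_admin_subject(user_id):`, still marked `# TODO: check if there is no security hole here`) is wider than the `user_id == self.root_api.get_root_admin_id()` comparison it replaces. Unless every subject of the root extension is meant to skip the authorization check, tie that branch to the stored admin id, `if keystone_id == self.root_admin_id: return True`, and keep the name-plus-`keystone_id` test for the Keystone-id case. `subject_dict["keystone_id"]` also raises KeyError for a subject without that key; `subject_dict.get("keystone_id") == keystone_id` avoids turning a data gap into a failed request. A docstring saying which identifier kinds the `keystone_id` parameter accepts would make the intended trust boundary reviewable.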
diff --git a/moonclient/moonclient/action_categories.py b/moonclient/moonclient/action_categories.py
index 33875f56..44818760 100644
--- a/moonclient/moonclient/action_categories.py
+++ b/moonclient/moonclient/action_categories.py
@@ -28,11 +28,9 @@ class ActionCategoriesList(Lister):
parsed_args.intraextension = self.app.intraextension
data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/action_categories".format(parsed_args.intraextension),
authtoken=True)
- if "action_categories" not in data:
- raise Exception("Error in command {}: {}".format("ActionCategoriesList", data))
return (
- ("action_categories",),
- ((_uuid, ) for _uuid in data["action_categories"])
+ ("id", "name", "description"),
+ ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
)
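Review bot: With the `"action_categories" not in data` check removed, whatever the server returns is iterated as if it were the category map, so an error body makes `data[_uuid]["name"]` fail with a KeyError or TypeError instead of a readable message. Keep a validation step before building the rows, for example checking that each value is a dict with `name` and `description`, and otherwise raise the previous `Exception("Error in command {}: {}".format("ActionCategoriesList", data))`. The shape of an error response from `get_url` is not visible here. The same applies to `ActionCategoriesAdd` and to the List and Add hunks in object_categories.py and subject_categories.py. The enclosing `take_action` starts outside the hunk.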
@@ -53,19 +51,25 @@ class ActionCategoriesAdd(Command):
metavar='<intraextension-uuid>',
help='IntraExtension UUID',
)
+ parser.add_argument(
+ '--description',
+ metavar='<description-str>',
+ help='Category description',
+ )
return parser
def take_action(self, parsed_args):
if not parsed_args.intraextension:
parsed_args.intraextension = self.app.intraextension
data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/action_categories".format(parsed_args.intraextension),
- post_data={"action_category_id": parsed_args.action_category},
+ post_data={
+ "action_category_name": parsed_args.action_category,
+ "action_category_description": parsed_args.description,
+ },
authtoken=True)
- if "action_categories" not in data:
- raise Exception("Error in command {}".format(data))
return (
- ("action_categories",),
- ((_uuid, ) for _uuid in data["action_categories"])
+ ("id", "name", "description"),
+ ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
)
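Review bot: `--description` is added without a default, so `parsed_args.description` is None when the option is omitted and `action_category_description` is posted as null. If the server expects a string, give the argument `default=""` (or drop the key when it is None); whether the server tolerates null cannot be seen from this hunk. `ObjectCategoriesAdd` and `SubjectCategoriesAdd` have the same addition.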
diff --git a/moonclient/moonclient/object_categories.py b/moonclient/moonclient/object_categories.py
index caae13c3..6c0076ff 100644
--- a/moonclient/moonclient/object_categories.py
+++ b/moonclient/moonclient/object_categories.py
@@ -28,11 +28,9 @@ class ObjectCategoriesList(Lister):
parsed_args.intraextension = self.app.intraextension
data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/object_categories".format(parsed_args.intraextension),
authtoken=True)
- if "object_categories" not in data:
- raise Exception("Error in command {}: {}".format("ObjectCategoriesList", data))
return (
- ("object_categories",),
- ((_uuid, ) for _uuid in data["object_categories"])
+ ("id", "name", "description"),
+ ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
)
@@ -53,19 +51,25 @@ class ObjectCategoriesAdd(Command):
metavar='<intraextension-uuid>',
help='IntraExtension UUID',
)
+ parser.add_argument(
+ '--description',
+ metavar='<description-str>',
+ help='Category description',
+ )
return parser
def take_action(self, parsed_args):
if not parsed_args.intraextension:
parsed_args.intraextension = self.app.intraextension
data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/object_categories".format(parsed_args.intraextension),
- post_data={"object_category_id": parsed_args.object_category},
+ post_data={
+ "object_category_name": parsed_args.object_category,
+ "object_category_description": parsed_args.description,
+ },
authtoken=True)
- if "object_categories" not in data:
- raise Exception("Error in command {}".format(data))
return (
- ("object_categories",),
- ((_uuid, ) for _uuid in data["object_categories"])
+ ("id", "name", "description"),
+ ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
)
diff --git a/moonclient/moonclient/subject_categories.py b/moonclient/moonclient/subject_categories.py
index 93f56bd3..274ab211 100644
--- a/moonclient/moonclient/subject_categories.py
+++ b/moonclient/moonclient/subject_categories.py
@@ -28,11 +28,9 @@ class SubjectCategoriesList(Lister):
parsed_args.intraextension = self.app.intraextension
data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/subject_categories".format(parsed_args.intraextension),
authtoken=True)
- if "subject_categories" not in data:
- raise Exception("Error in command {}: {}".format("SubjectCategoriesList", data))
return (
- ("subject_categories",),
- ((_uuid, ) for _uuid in data["subject_categories"])
+ ("id", "name", "description"),
+ ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
)
@@ -53,19 +51,25 @@ class SubjectCategoriesAdd(Command):
metavar='<intraextension-uuid>',
help='IntraExtension UUID',
)
+ parser.add_argument(
+ '--description',
+ metavar='<description-str>',
+ help='Category description',
+ )
return parser
def take_action(self, parsed_args):
if not parsed_args.intraextension:
parsed_args.intraextension = self.app.intraextension
data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/subject_categories".format(parsed_args.intraextension),
- post_data={"subject_category_id": parsed_args.subject_category},
+ post_data={
+ "subject_category_name": parsed_args.subject_category,
+ "subject_category_description": parsed_args.description,
+ },
authtoken=True)
- if "subject_categories" not in data:
- raise Exception("Error in command {}".format(data))
return (
- ("subject_categories",),
- ((_uuid, ) for _uuid in data["subject_categories"])
+ ("id", "name", "description"),
+ ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data)
)
diff --git a/moonclient/moonclient/tests/tests_action_categories.json b/moonclient/moonclient/tests/tests_action_categories.json
new file mode 100644
index 00000000..dfd4be62
--- /dev/null
+++ b/moonclient/moonclient/tests/tests_action_categories.json
@@ -0,0 +1,236 @@
+{
+ "command_options": "-f value",
+ "tests_group": {
+ "authz": [
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "Check if tenant alt_demo is used."
+ },
+ {
+ "name": "add tenant alt_demo",
+ "command": "tenant add alt_demo",
+ "result": "^$",
+ "description": "Add a new tenant",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo",
+ "command": "tenant list",
+ "result": "(?P<uuid>\\w+)\\s+alt_demo",
+ "description": "Check that tenant alt_demo has been correctly added"
+ },
+ {
+ "name": "create_intraextension_authz",
+ "command": "intraextension create --policy_model policy_authz authz_test",
+ "result": "IntraExtension created: (?P<uuid_authz>\\w+)",
+ "description": "Create an authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_authz",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "set_tenant_authz",
+ "command": "tenant set --authz $uuid_authz $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected authz IntraExtension",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "add_action_category",
+ "command": "action category add my_new_action_category",
+ "result": "",
+ "description": "Add the new action category my_new_action_category",
+ "command_options": ""
+ },
+ {
+ "name": "list_action_category",
+ "command": "action category list",
+ "result": "(?P<uuid_action_category>\\w+)\\s+my_new_action_category",
+ "description": "Check that my_new_action_category action_category was added."
+ },
+ {
+ "name": "delete_action_category",
+ "command": "action category delete $uuid_action_category",
+ "result": "^$",
+ "description": "Delete my_new_action_category action_category.",
+ "command_options": ""
+ },
+ {
+ "name": "list_action_category",
+ "command": "action category list",
+ "result": "(?!$uuid_action_category)",
+ "description": "Check that my_new_action_category action_category was deleted."
+ },
+ {
+ "name": "delete_authz_intra_extension",
+ "command": "intraextension delete $uuid_authz",
+ "result": "",
+ "description": "Delete the authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_tenant",
+ "command": "tenant delete $uuid",
+ "result": "",
+ "description": "Delete the tenant alt_demo",
+ "command_options": ""
+ }
+ ],
+ "authz_and_admin": [
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "Check if tenant alt_demo is used."
+ },
+ {
+ "name": "add tenant alt_demo",
+ "command": "tenant add alt_demo",
+ "result": "^$",
+ "description": "Add a new tenant",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo",
+ "command": "tenant list",
+ "result": "(?P<uuid>\\w+)\\s+alt_demo",
+ "description": "Check that tenant alt_demo has been correctly added"
+ },
+ {
+ "name": "create_intraextension_authz",
+ "command": "intraextension create --policy_model policy_authz authz_test",
+ "result": "IntraExtension created: (?P<uuid_authz>\\w+)",
+ "description": "Create an authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_authz",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "create_intraextension_admin",
+ "command": "intraextension create --policy_model policy_admin admin_test",
+ "result": "IntraExtension created: (?P<uuid_admin>\\w+)",
+ "description": "Create an admin intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_admin",
+ "command": "intraextension list",
+ "result": "$uuid_admin",
+ "description": "Check the existence of that admin intra extension"
+ },
+ {
+ "name": "set_tenant_authz",
+ "command": "tenant set --authz $uuid_authz $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant demo",
+ "command_options": ""
+ },
+ {
+ "name": "set_tenant_admin",
+ "command": "tenant set --admin $uuid_admin $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo and authz ie",
+ "command": "tenant list",
+ "result": "alt_demo $uuid_authz",
+ "description": "Check that authz intra extension has been correctly added to the tenant.",
+ "command_options": "-c name -c intra_authz_extension_id -f value"
+ },
+ {
+ "name": "check tenant alt_demo and admin ie",
+ "command": "tenant list",
+ "result": "$uuid_admin",
+ "description": "Check that admin intra extension has been correctly added to the tenant.",
+ "command_options": "-c intra_admin_extension_id -f value"
+ },
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected authz IntraExtension",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "add_action_category",
+ "command": "action category add my_new_action_category",
+ "result": "",
+ "description": "Add the new action category my_new_action_category",
+ "command_options": ""
+ },
+ {
+ "name": "list_action_category",
+ "command": "action category list",
+ "result": "(?P<uuid_action_category>\\w+)\\s+my_new_action_category",
+ "description": "Check that my_new_action_category action_category was added."
+ },
+ {
+ "name": "delete_action_category",
+ "command": "action category delete $uuid_action_category",
+ "result": "^$",
+ "description": "Delete my_new_action_category action_category.",
+ "command_options": ""
+ },
+ {
+ "name": "list_action_category",
+ "command": "action category list",
+ "result": "(?!$uuid_action_category)",
+ "description": "Check that my_new_action_category action_category was deleted."
+ },
+ {
+ "name": "delete_admin_intra_extension",
+ "command": "intraextension delete $uuid_admin",
+ "result": "",
+ "description": "Delete the admin intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_authz_intra_extension",
+ "command": "intraextension delete $uuid_authz",
+ "result": "",
+ "description": "Delete the authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_tenant",
+ "command": "tenant delete $uuid",
+ "result": "",
+ "description": "Delete the tenant alt_demo",
+ "command_options": ""
+ }
+ ]
+ }
+} \ No newline at end of file
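Review bot: The `"result": "(?!alt_demo)"` and `"result": "(?!$uuid_action_category)"` patterns do not assert absence: a bare negative lookahead succeeds at any position where that text does not start, so these steps pass regardless of what the command prints, unless the runner anchors the pattern in a way not visible here. A form such as `(?s)^(?!.*alt_demo)` expresses "not present anywhere in the output". Two descriptions are also copy-paste leftovers: `set_tenant_admin` says "Connect the authz intra extension", and `set_tenant_authz` under `authz_and_admin` names tenant "demo" rather than "alt_demo". tests_object_categories.json and tests_subject_categories.json carry the same patterns and descriptions.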
diff --git a/moonclient/moonclient/tests/tests_object_categories.json b/moonclient/moonclient/tests/tests_object_categories.json
new file mode 100644
index 00000000..cd7ad01a
--- /dev/null
+++ b/moonclient/moonclient/tests/tests_object_categories.json
@@ -0,0 +1,236 @@
+{
+ "command_options": "-f value",
+ "tests_group": {
+ "authz": [
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "Check if tenant alt_demo is used."
+ },
+ {
+ "name": "add tenant alt_demo",
+ "command": "tenant add alt_demo",
+ "result": "^$",
+ "description": "Add a new tenant",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo",
+ "command": "tenant list",
+ "result": "(?P<uuid>\\w+)\\s+alt_demo",
+ "description": "Check that tenant alt_demo has been correctly added"
+ },
+ {
+ "name": "create_intraextension_authz",
+ "command": "intraextension create --policy_model policy_authz authz_test",
+ "result": "IntraExtension created: (?P<uuid_authz>\\w+)",
+ "description": "Create an authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_authz",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "set_tenant_authz",
+ "command": "tenant set --authz $uuid_authz $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected authz IntraExtension",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "add_object_category",
+ "command": "object category add my_new_object_category",
+ "result": "",
+ "description": "Add the new object category my_new_object_category",
+ "command_options": ""
+ },
+ {
+ "name": "list_object_category",
+ "command": "object category list",
+ "result": "(?P<uuid_object_category>\\w+)\\s+my_new_object_category",
+ "description": "Check that my_new_object_category object_category was added."
+ },
+ {
+ "name": "delete_object_category",
+ "command": "object category delete $uuid_object_category",
+ "result": "^$",
+ "description": "Delete my_new_object_category object_category.",
+ "command_options": ""
+ },
+ {
+ "name": "list_object_category",
+ "command": "object category list",
+ "result": "(?!$uuid_object_category)",
+ "description": "Check that my_new_object_category object_category was deleted."
+ },
+ {
+ "name": "delete_authz_intra_extension",
+ "command": "intraextension delete $uuid_authz",
+ "result": "",
+ "description": "Delete the authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_tenant",
+ "command": "tenant delete $uuid",
+ "result": "",
+ "description": "Delete the tenant alt_demo",
+ "command_options": ""
+ }
+ ],
+ "authz_and_admin": [
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "Check if tenant alt_demo is used."
+ },
+ {
+ "name": "add tenant alt_demo",
+ "command": "tenant add alt_demo",
+ "result": "^$",
+ "description": "Add a new tenant",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo",
+ "command": "tenant list",
+ "result": "(?P<uuid>\\w+)\\s+alt_demo",
+ "description": "Check that tenant alt_demo has been correctly added"
+ },
+ {
+ "name": "create_intraextension_authz",
+ "command": "intraextension create --policy_model policy_authz authz_test",
+ "result": "IntraExtension created: (?P<uuid_authz>\\w+)",
+ "description": "Create an authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_authz",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "create_intraextension_admin",
+ "command": "intraextension create --policy_model policy_admin admin_test",
+ "result": "IntraExtension created: (?P<uuid_admin>\\w+)",
+ "description": "Create an admin intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_admin",
+ "command": "intraextension list",
+ "result": "$uuid_admin",
+ "description": "Check the existence of that admin intra extension"
+ },
+ {
+ "name": "set_tenant_authz",
+ "command": "tenant set --authz $uuid_authz $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant demo",
+ "command_options": ""
+ },
+ {
+ "name": "set_tenant_admin",
+ "command": "tenant set --admin $uuid_admin $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo and authz ie",
+ "command": "tenant list",
+ "result": "alt_demo $uuid_authz",
+ "description": "Check that authz intra extension has been correctly added to the tenant.",
+ "command_options": "-c name -c intra_authz_extension_id -f value"
+ },
+ {
+ "name": "check tenant alt_demo and admin ie",
+ "command": "tenant list",
+ "result": "$uuid_admin",
+ "description": "Check that admin intra extension has been correctly added to the tenant.",
+ "command_options": "-c intra_admin_extension_id -f value"
+ },
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected authz IntraExtension",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "add_object_category",
+ "command": "object category add my_new_object_category",
+ "result": "",
+ "description": "Add the new object category my_new_object_category",
+ "command_options": ""
+ },
+ {
+ "name": "list_object_category",
+ "command": "object category list",
+ "result": "(?P<uuid_object_category>\\w+)\\s+my_new_object_category",
+ "description": "Check that my_new_object_category object_category was added."
+ },
+ {
+ "name": "delete_object_category",
+ "command": "object category delete $uuid_object_category",
+ "result": "^$",
+ "description": "Delete my_new_object_category object_category.",
+ "command_options": ""
+ },
+ {
+ "name": "list_object_category",
+ "command": "object category list",
+ "result": "(?!$uuid_object_category)",
+ "description": "Check that my_new_object_category object_category was deleted."
+ },
+ {
+ "name": "delete_admin_intra_extension",
+ "command": "intraextension delete $uuid_admin",
+ "result": "",
+ "description": "Delete the admin intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_authz_intra_extension",
+ "command": "intraextension delete $uuid_authz",
+ "result": "",
+ "description": "Delete the authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_tenant",
+ "command": "tenant delete $uuid",
+ "result": "",
+ "description": "Delete the tenant alt_demo",
+ "command_options": ""
+ }
+ ]
+ }
+} \ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_subject_categories.json b/moonclient/moonclient/tests/tests_subject_categories.json
new file mode 100644
index 00000000..644d78b5
--- /dev/null
+++ b/moonclient/moonclient/tests/tests_subject_categories.json
@@ -0,0 +1,236 @@
+{
+ "command_options": "-f value",
+ "tests_group": {
+ "authz": [
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "Check if tenant alt_demo is used."
+ },
+ {
+ "name": "add tenant alt_demo",
+ "command": "tenant add alt_demo",
+ "result": "^$",
+ "description": "Add a new tenant",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo",
+ "command": "tenant list",
+ "result": "(?P<uuid>\\w+)\\s+alt_demo",
+ "description": "Check that tenant alt_demo has been correctly added"
+ },
+ {
+ "name": "create_intraextension_authz",
+ "command": "intraextension create --policy_model policy_authz authz_test",
+ "result": "IntraExtension created: (?P<uuid_authz>\\w+)",
+ "description": "Create an authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_authz",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "set_tenant_authz",
+ "command": "tenant set --authz $uuid_authz $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected authz IntraExtension",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "add_subject_category",
+ "command": "subject category add my_new_subject_category",
+ "result": "",
+ "description": "Add the new subject category my_new_subject_category",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject_category",
+ "command": "subject category list",
+ "result": "(?P<uuid_subject_category>\\w+)\\s+my_new_subject_category",
+ "description": "Check that my_new_subject_category subject_category was added."
+ },
+ {
+ "name": "delete_subject_category",
+ "command": "subject category delete $uuid_subject_category",
+ "result": "^$",
+ "description": "Delete my_new_subject_category subject_category.",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject_category",
+ "command": "subject category list",
+ "result": "(?!$uuid_subject_category)",
+ "description": "Check that my_new_subject_category subject_category was deleted."
+ },
+ {
+ "name": "delete_authz_intra_extension",
+ "command": "intraextension delete $uuid_authz",
+ "result": "",
+ "description": "Delete the authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_tenant",
+ "command": "tenant delete $uuid",
+ "result": "",
+ "description": "Delete the tenant alt_demo",
+ "command_options": ""
+ }
+ ],
+ "authz_and_admin": [
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "Check if tenant alt_demo is used."
+ },
+ {
+ "name": "add tenant alt_demo",
+ "command": "tenant add alt_demo",
+ "result": "^$",
+ "description": "Add a new tenant",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo",
+ "command": "tenant list",
+ "result": "(?P<uuid>\\w+)\\s+alt_demo",
+ "description": "Check that tenant alt_demo has been correctly added"
+ },
+ {
+ "name": "create_intraextension_authz",
+ "command": "intraextension create --policy_model policy_authz authz_test",
+ "result": "IntraExtension created: (?P<uuid_authz>\\w+)",
+ "description": "Create an authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_authz",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "create_intraextension_admin",
+ "command": "intraextension create --policy_model policy_admin admin_test",
+ "result": "IntraExtension created: (?P<uuid_admin>\\w+)",
+ "description": "Create an admin intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_admin",
+ "command": "intraextension list",
+ "result": "$uuid_admin",
+ "description": "Check the existence of that admin intra extension"
+ },
+ {
+ "name": "set_tenant_authz",
+ "command": "tenant set --authz $uuid_authz $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant demo",
+ "command_options": ""
+ },
+ {
+ "name": "set_tenant_admin",
+ "command": "tenant set --admin $uuid_admin $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo and authz ie",
+ "command": "tenant list",
+ "result": "alt_demo $uuid_authz",
+ "description": "Check that authz intra extension has been correctly added to the tenant.",
+ "command_options": "-c name -c intra_authz_extension_id -f value"
+ },
+ {
+ "name": "check tenant alt_demo and admin ie",
+ "command": "tenant list",
+ "result": "$uuid_admin",
+ "description": "Check that admin intra extension has been correctly added to the tenant.",
+ "command_options": "-c intra_admin_extension_id -f value"
+ },
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected authz IntraExtension",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "add_subject_category",
+ "command": "subject category add my_new_subject_category",
+ "result": "",
+ "description": "Add the new subject category my_new_subject_category",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject_category",
+ "command": "subject category list",
+ "result": "(?P<uuid_subject_category>\\w+)\\s+my_new_subject_category",
+ "description": "Check that my_new_subject_category subject_category was added."
+ },
+ {
+ "name": "delete_subject_category",
+ "command": "subject category delete $uuid_subject_category",
+ "result": "^$",
+ "description": "Delete my_new_subject_category subject_category.",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject_category",
+ "command": "subject category list",
+ "result": "(?!$uuid_subject_category)",
+ "description": "Check that my_new_subject_category subject_category was deleted."
+ },
+ {
+ "name": "delete_admin_intra_extension",
+ "command": "intraextension delete $uuid_admin",
+ "result": "",
+ "description": "Delete the admin intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_authz_intra_extension",
+ "command": "intraextension delete $uuid_authz",
+ "result": "",
+ "description": "Delete the authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_tenant",
+ "command": "tenant delete $uuid",
+ "result": "",
+ "description": "Delete the tenant alt_demo",
+ "command_options": ""
+ }
+ ]
+ }
+} \ No newline at end of file